What are phishing scams?

What is phishing?

Phishing scams are generally email messages appearing to come from legitimate sources (your credit card company, your Internet service provider or your bank). These messages usually direct you to a fake (spoofed) website or otherwise get you to enter private information (secret answers, credit card #, passwords etc.). The criminals then use this private information to commit identity theft.

An example of a common method used is an email message stating that you are receiving it due to fraudulent activity on your account, and asking you to “click here” to verify your information.

Phishing scams are social engineering tools used to induce panic. These scams attempt to trick you into responding or clicking immediately, by claiming you will lose something (account access, email, bank account). Such a claim is always a red flag of a phishing scam, as responsible orginizations will never take these types of actions via email.

Tips related to phishing scams:

  • Reputable organizations will never use email to request that you reply with your password, full Social Security number, or confidential personal information. Be suspicious of any email message that asks you to enter or verify personal information, through a website or by replying to the message itself. Never reply to or click the links in such a message. If you think the message may be legitimate, go directly to the company’s website or contact the company to see if you really do need to take the action described in the email message.
  • The safest practice is to read your email as plain text. Phishing messages often contain clickable images that look legitimate; by reading messages in plain text, you can see the URLs that any images point to. Additionally, when you allow your mail client to read HTML or other non-text-only formatting, attackers can take advantage of your mail client’s ability to execute code, which leaves your computer vulnerable to viruses, worms, and Trojans.

If you choose to read your email in HTML format:

  • Hover your mouse over the links in each email message to display the actual URL. Check whether the hover-text link matches what’s in the text, and whether the link looks like a site with which you would normally do business.
  • On an iOS device, tap and hold your finger over a link to display the URL. Unfortunately, Android does not currently support this.
  • Before you click a link, check to see if the message sender used a digital signature when sending the message. A digital signature helps ensure that the message actually came from the sender.

When you recognize a phishing message, first report it and then delete the email message and finally empty it from the deleted items folder to avoid accidentally accessing the websites it points to.

If you are worried about phishing scams or any other malevolent emails please do not hesitate to reach out to Vintage IT Services.  We have a wide range of services that can assist in protecting you against phishing scams and many other common threats.